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WHAT IS CLAIMED IS: 

1 . A method of administering a processor-based system, said method comprising the 
steps of: 

implementing at least one compartment for containing at least one process executable on 
said processor-based system; and 

providing at least one operating system command-line utility executable to manipulate 
said at least one compartment 

2. The method of claim 1 wherein said at least one compartment defines whether 
said at least one process contained therein is allowed access to particular system resources. 

3. The method of claim 1 wherein said at least one process is labeled to identify the 
compartment in which it is contained. 

4. The method of claim 1 wherein said at least one command-Hne utiUty executable 
to manipulate said at least one compartment comprises at least one command-line utility 
executable to perform at least one type of compartment manipulation selected from the group 
consisting of 

adding a new compartment, renaming an existing compartment, removing an existing 
compartment, resizing an existing compartment, adding a process to a compartment, and 
removing a process from a compartment. 
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5. The method of claim 1 wherein said implementing step comprises: 
defining said at least one compartment in at least one configuration file. 

6. The method of claim 5 wherein said at least one command-line utility is 
executable to manipulate said at least one compartment without requiring a user to edit said at 
least one configuration file. 

7. The method of claim 1 wherein said implementing step comprises: 

providing at least one mle that defines containment of said at least one compartment in at 
least one configuration file. 

8. The method of claim 7 fiirther comprising the step of 

providing at least one command-line utility executable to manipulate said at least one rule. 

9. The method of claim 8 wherein said at least one command-line utility executable 
to manipulate said at least one mle comprises at least one command-line utility executable to 
perform at least one type of mle manipulation selected from the group consisting of: 

adding a new mle for a particular compartment, removing an existing rule for a particular 
compartment, and hsting all rales for a particular compartment. 
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10. A system comprising: 
at least one processor, 

an operating system implementing at least one compartment to which at least one process 
executable on said system can be associated; 

at least one configuration file defining said at least one compartment; and 

means for performing management of said at least one compartment without requiring 
that a user edit said at least one configuration file in which said at least one compartment is 
defined. 

1 1 . The system of claim 10 wherein said means for performing management of said at 
least one compartment fiirther enables management actions initiated via said means for 
performing management to be performed dynamically, without requiring that the system be re- 
booted in order for said management actions to be effective within said system. 

12. The system of claim 10 wherein said performing management of said at least one 
compartment comprises manipulating said at least one compartment. 

13. The system of claim 12 wherein said manipulating said at least one compartment 
includes at least one type of manipulation selected fi-om the group consisting of 

adding a new compartment, renaming an existing compartment, and removing an existing 
compartment, resizing an existing compartment, adding a process to a compartment, and 
removing a process from a compartment. 
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14. The system of claim 12 wherein said means for performing management of said at 
least one compartment further enables manipulating of said at least one compartment to be 
performed dynamically, without requiring that the system be re-booted in order for compartment 
manipulation to be effective within said system. 

1 5. The system of claim 10 wherein said performing management of said at least one 
compartment comprises switching from a first compartment to a second compartment. 

16. The system of claim 10 fiirther comprising: 

at least one configuration file including at least one rule defining containment of said at 
least one compartment. 

17. The system of claim 16 wherein said perfortning management of said at least one 
compartment comprises manipulating said at least one mle. 

18. The system of claim 1 7 wherein said manipulating said at least one rule 
comprises at least one type of manipulation selected from the group consisting of 

adding a new mle for a particular compartment, removing an existing rule for a particular 
compartment, and Usting all mles for a particular compartment. 

1 9. The system of claim 1 0 wherein said means for performing management 
comprises at least one operating system command-line utility executable to manage said at least 
one compartment. 
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20. A computer-readable medium including instructions executable by a processor, 
said computer-readable medium comprising: 

library of software fimctions for managing at least one compartment implemented by an 
operating system, wherein at least one process can be associated with said at least one 
compartment and said at least one compartment defines accessibility of resources for said at least 
one process associated therewith; and 

said library of software functions includes at least one command-line utility executable to 
manipulate said at least one compartment. 

21 . The computer-readable medium of claim 20 wherein at least one command-line 
utility executable to manipulate said at least one compartment includes at least one type of 
manipulation selected fi"om the group consisting of: 

adding a new compartment, renaming an existing compartment, and removing an existing 
compartment, resizing an existing compartment, adding a process to a compartment, and 
removing a process from a compartment. 

22. The computer-readable medium of claim 20 wherein at least one configuration file 
is implemented on a system to define said at least one compartment. 

23. The computer-readable medium of claim 22 wherein said at least one command- 
line utility is executable to manipulate said at least one compartment without requiring that a user 
edit said at least one configuration file. 
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24. The computer-readable medium of claim 20 wherein at least one rale is 
implemented to define accessibility of resources allowed for said at least one compartment, and 
wherein said library of software functions further includes at least one command-line utility 
executable to manipulate said at least one rale. 
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